OpenBSD init script (rails+nginx+unicorn)

[Mikkel Bang]

Can/should this init script be rewritten/simplified for OpenBSD?

https://gist.github.com/3447050 (an application-specific init
scriptfor
a
rails+nginx+unicorn 
 setup)

I like how OpenBSD's init scripts reuse /etc/rc.d/rc.subr, but is this
possible in my case?

Thanks!

Mikkel

Re: OpenSSL handling intermediate certificates

[Kevin Chadwick]

> However,
> this would require DNSSEC to be secure (which itself seems to be mired
> in controvery lately, not to mention the slow rate of adoption)

Do you have a reference for that. I know of the controversy around
DNSCURVE before DNSSEC even arrived but haven't seen any of late. Is it
to do with the restriction of key length by dns record size and use of
RSA rather than ecdsa which offers more security to key length ratio or
something else?


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)
___

договаривались сегодня увидеться

[Alina Gorina]

?This is a text part of the message.
It is shown for the users of old-style e-mail clients

Perl script ran by chrooted apache

[Mik J]

Hello,

I have the following perl script that works in command line:
#!/usr/bin/perl
use Net::DNS;
my $res   = Net::DNS::Resolver->new;
my $query =
$res->search("www.openbsd.org");

if ($query) {
    foreach my $rr
($query->answer) {
    next unless $rr->type eq "A";
    print
$rr->address, "\n";
    }
} else {
    warn "query failed: ",
$res->errorstring, "\n";


# ./dns.pl
142.244.12.42


But I want the result to
be accessed by web users.

I looked at this article
http://www.undeadly.org/cgi?action=article&sid=20080805194342

I installed
mod_perl
# mod_perl-enable

Added this line (sites don't talk about it, but I
think it should be here)

AddHandler cgi-script .pl


and had my virtual host
configured

    ServerAdmin mikyde...@yahoo.fr
    DocumentRoot
/htdocs
    ServerName 192.168.1.1
    PerlModule Apache::PerlRun
   

    SetHandler perl-script
    PerlHandler
Apache::PerlRun
    PerlRequire /var/www/htdocs/cgi/startup.pl
   
Options ExecCGI
    PerlSendHeader On
    allow from all
   

    ErrorDocument 404 /404.html
    ErrorLog
logs/192.168.1.1-error_log
    CustomLog logs/192.168.1.1-access_log common


I configured the startup.pl file to load the Net::DNS library
# cat /var/www/htdocs/cgi/startup.pl
use Net::DNS ();
use Net::DNS::RR::A ();
1;

And restarted Apache

The last bit that I'm missing is where should I put
my dns.pl file

I tried in /var/www/htdocs/cgi/ but when I access
http://192.168.1.1/cgi/dns.pl
I have a blank page

In theory when Apache is
started it loads Net::DNS so that dns.pl can use it.

I don't think I'm far
from the solution but I'm stuck here. Does anyone have an idea how can I make
it work ?

Re: Perl script ran by chrooted apache

[Sébastien Marie]

On Fri, Aug 24, 2012 at 06:02:39PM +0100, Mik J wrote:
> Hello,
> 
> I have the following perl script that works in command line:
>
> [...] 
> 
> # ./dns.pl
> 142.244.12.42
> 
> [...]
>
> I tried in /var/www/htdocs/cgi/ but when I access
> http://192.168.1.1/cgi/dns.pl
> I have a blank page
> 
> In theory when Apache is
> started it loads Net::DNS so that dns.pl can use it.
> 
> I don't think I'm far
> from the solution but I'm stuck here. Does anyone have an idea how can I make
> it work ?
> 

Hi,

Just a question, the cgi script is the *same* that the command line script ?

If yes, you should first print HTTP headers before the content.

Try:
print "Content-Type: text/plain";
print "";

at the start of your script. 

The command line should echo:
$ ./dns.pl
Content-Type: text/plain

142.244.12.42
$ 

-- 
Sébastien Marie

Re: OpenBSD init script (rails+nginx+unicorn)

[Mikkel Bang]

For what it's worth, here she is:

https://gist.github.com/3447050

the Linux version sure is jealous now :-)

Mikkel

2012/8/24 Mikkel Bang 

> Can/should this init script be rewritten/simplified for OpenBSD?
>
> https://gist.github.com/3447050 (an application-specific init 
> scriptfor a
> rails+nginx+unicorn 
>  setup)
>
> I like how OpenBSD's init scripts reuse /etc/rc.d/rc.subr, but is this
> possible in my case?
>
> Thanks!
>
> Mikkel

Re: Perl script ran by chrooted apache

[Mik J]

> De : Sébastien Marie 
> On Fri, Aug 24, 2012
at 06:02:39PM +0100, Mik J wrote:
>>  Hello,
>> 
>>  I have the following perl
script that works in command line:
>> 
>>  [...] 
>> 
>>  # ./dns.pl
>>
142.244.12.42
>> 
>>  [...]
>> 
>>  I tried in /var/www/htdocs/cgi/ but when I
access
>>  http://192.168.1.1/cgi/dns.pl
>>  I have a blank page
>> 
>>  In
theory when Apache is
>>  started it loads Net::DNS so that dns.pl can use it.
>> 
>>  I don't think I'm far
>>  from the solution but I'm stuck here. Does
anyone have an idea how can 
> I make
>>  it work ?
> 
> Hi,
> 
> Just a
question, the cgi script is the *same* that the command line script ?
> 
> If
yes, you should first print HTTP headers before the content.
> 
> Try:
> print
"Content-Type: text/plain";
> print "";
> 
> at the start of your script. 
>
> The command line should echo:
> $ ./dns.pl
> Content-Type: text/plain
> 
>
142.244.12.42
> $ 


Hello Sebastien,

Yes there is only one script that is
called dns.pl
I did what you tell me but the web page remains blank. In
command line it's ok
# ./dns.pl
Content-Type: text/plain
142.244.12.42


My
apache log tells this
192.168.1.11 - - [24/Aug/2012:23:11:16 +0200] "GET
/cgi/dns.pl HTTP/1.1" 200 208

Re: Perl script ran by chrooted apache

[Mik J]

I modified the wrong file. Since I was debugging I had created many copies of
that script.
Yes your solution works. Thank you.




- Mail original -
> De : Mik J 
> À : "misc@openbsd.org" 
> Cc : 
> Envoyé le : Vendredi 24 août 2012 23h14
> Objet : Re: Perl script
ran by chrooted apache
> 
> 
> 
>>  De : Sébastien Marie

>>  On Fri, Aug 24, 2012 at 06:02:39PM +0100,
Mik J wrote:
>>>   Hello,
>>> 
>>>   I have the following perl script that
works in command line:
>>> 
>>>   [...] 
>>> 
>>>   # ./dns.pl
>>>  
142.244.12.42
>>> 
>>>   [...]
>>> 
>>>   I tried in /var/www/htdocs/cgi/ but
when I access
>>>   http://192.168.1.1/cgi/dns.pl
>>>   I have a blank page
>>> 
>>>   In theory when Apache is
>>>   started it loads Net::DNS so that
dns.pl can use it.
>>> 
>>>   I don't think I'm far
>>>   from the solution
but I'm stuck here. Does anyone have an idea how 
> can 
>>  I make
>>>   it
work ?
>> 
>>  Hi,
>> 
>>  Just a question, the cgi script is the *same* that
the command line script 
> ?
>> 
>>  If yes, you should first print HTTP
headers before the content.
>> 
>>  Try:
>>  print "Content-Type: text/plain";
>>  print "";
>> 
>>  at the start of your script. 
>> 
>>  The command line
should echo:
>>  $ ./dns.pl
>>  Content-Type: text/plain
>> 
>>  142.244.12.42
>>  $ 
> 
> 
> Hello Sebastien,
> 
> Yes there is only one script that is
called dns.pl
> I did what you tell me but the web page remains blank. In
command line it's 
> ok
> # ./dns.pl
> Content-Type: text/plain
>
142.244.12.42
> 
> 
> My apache log tells this
> 192.168.1.11 - -
[24/Aug/2012:23:11:16 +0200] "GET /cgi/dns.pl 
> HTTP/1.1" 200 208

ПОРА ОТДЫХАТЬ!

[Путешествуйте с нами]

! ÏÎÐÀ  ÎÒÏÓÑÊ ÏÎ ËÓ×ØÈÌ ÖÅÍÀÌ !
Çâîíèòå ïðÿìî ñåé÷àñ:  (044) 501-60-30, 067-230-06-63

ÊÈÒÀÉ -ñàìûå ëó÷øèå öåíû îò îïåðàòîðà!
îòäûõ íà î. Õàéíàíü ñ ïåðåëåòîì à/ê Òðàíñàýðî (Ìîñêâà-Ñàíüÿ- Ìîñêâà)
êîìáèíèðîâàííûå òóðû: ýêñêóðñèîíêà+ îòäûõ íà ìîðå
Àâèàáèëåòû, âèçîâàÿ ïîääåðæêà (îäíîêðàòíûå 150 ó.å/÷åë, äâóõêðàòíûå 210
ó.å/÷åë, ìóëüòèâèçû 500 ó.å/÷åë)
Áèçíåñ-òóðû. Îðãàíèçàöèÿ ïîåçäîê íà âûñòàâêó. Øîï òóðû. Óñëóãè ïåðåâîä÷èêà.
Ýêñêóðñèîííûå òóðû (Ïåêèí, Øàíõàé, Ñèàíü, Ëîÿí, Ãîíêîíã, Ãóéëèíü, Ëõàñà è
äð.)
ÊÀÍÒÎÍÑÊÀß ßÐÌÀÐÊÀ  485ó.å/÷åë

ÒÓÐÖÈß  îò 517 ó.å./÷åë. íà âñ¸ âêëþ÷åíî
ÑÒÀÌÁÓË - ýêñêóðñèîííûå òóðû îò îïåðàòîðà
Weekend â Ñòàìáóëå îò 167 åâðî  +àâèà
Î÷àðîâàëåëüíûé Ñòàìáóë îò 217 åâðî +àâèà
Ñòàìáóëüñêèé Ôååðâåðê îò 242 åâðî (5 äíåé) + àâèà
Àíòè÷íîå îæåðåëüå Òóðöèè îò 528 åâðî (8 äíåé) + àâèà


ÅÃÈÏÅÒ  ðàííåå áðîíèðîâàíèå äî 31.08!
íà îñåííèå äåòñêèå êàíèêóëû íà "âñ¸ âêëþ÷åíî"
SULTAN BEACH HOTEL 4* 668 ó.å/÷åë
STEIGENBERGER AL DAU CLUB 4 * 697 ó.å/÷åë
Lillyland 4* 705 ó.å/÷åë
CORAL BEACH ROTANA RESORT 4* 710 ó.å/÷åë
FESTIVAL LE JARDIN RESORT 5 * 744 ó.å/÷åë
SUNRISE DIAMOND BEACH RESORT 5 * 780 ó.å/÷åë
Sea Star Beau Rivage 5* 809 ó.å/÷åë
SEA LIFE RESORT 5 * 812 ó.å/÷åë
Beach Albatros Resort 5* 818 ó.å/÷åë
SUNRISE MAMLOUK PALACE RESORT 5 * 840 ó.å/÷åë
Desert Rose Hurghada 5* 859 ó.å/÷åë
PALM ROYALE SOMA BAY 5*Deluxe 981 ó.å/÷åë


ÎÀÝ îò 432 ó.å/÷åë
3*  Al Seef Hotel - 432 ó.å/÷åë.
3* Ibis Hotel, Al Barsha - 510 ó.å/÷åë
5* Fujairah Rotana Resort - 518 ó.å./÷åë. íà çàâòðàêàõ,  685 ó.å/÷åë íà
çàâòðàê è óæèí
5* Miramar Al Aqah Beach Resort - 542 ó.å./÷åë. íà çàâòðàêàõ, 789 ó.å/÷åë íà
çàâòðàê è óæèí
5* Cove Rotana Resort - 606 ó.å./÷åë. íà çàâòðàêàõ, 773 ó.å/÷åë íà çàâòðàê è
óæèí
5* Kempinski Ajman - 858 ó.å./÷åë. íà çàâòðàêàõ
5* Jebel Ali Hotel (ex. Jebel Ali Golf Resort & SPA) 5* -928 ó.å./÷åë. íà
çàâòðàêàõ
(ñ àâèàïåðåë¸òîì, âûëåò â ñåíòÿáðå íà 7 íî÷åé, ïèòàíèå - çàâòðàêè)

ÈÇÐÀÈËÜ íà Åâðåéñêèé Íîâûé Ãîä
Ýêñêóðñèîííûå òóðû îò 699 ó.å/÷åë ñ àâèà

Øðè ëàíêà+Ìàëüäèâû
Ýêñêóðñèîíêà íà Øðè Ëàíêå+îòäûõ íà Ìàëüäèâàõ îò 1999 ó.å/÷åë ñ àâèàïåðåë¸òîì
Îòäûõ íà ïîáåðåæüå îò 993 ó.å/÷åë ñ àâèà

ÄÎÌÈÍÈÊÀÍÀ îò 1866 ó.å/÷åë
VIK HOTEL ARENA BLANCA 4* 1891 ó.å
CATALONIA BAVARO RESORT 5* 1977 ó.å
MELIA CARIBE TROPICAL 5* 2290 ó.å
GRAN BAHIA PRINCIPE AMBAR 5* 2242 ó.å
(ñ àâèàïåðåë¸òîì ñ Êèåâà, âûëåò 10.09, 10 íî÷åé, ïèòàíèå - âñ¸ âêëþ÷åíî)
 ïðîäàæå åñòü òóðû íà Íîâûé Ãîä îò 2871 ó.å/÷åë íà 11 íî÷åé ñ 26.12!

ÊÓÁÀ îò 1607 ó.å/÷åë
MERCURE CUATRO PALMAS HOTEL 4* 1702 ó.å
OCCIDENTAL ALLEGRO VARADERO 4* 1808 ó.å
IBEROSTAR LAGUNA AZUL 5* 2138 ó.å
SANDALS ROYAL HICACOS RESORT 5* 2345 ó.å
(ñ àâèàïåðåë¸òîì ñ Êèåâà, âûëåò 10.09, 10 íî÷åé, ïèòàíèå - âñ¸ âêëþ÷åíî)
 ïðîäàæå åñòü òóðû íà Íîâûé Ãîä îò 2439 ó.å/÷åë íà 12 íî÷åé îò 29.12!

ÌÅÊÑÈÊÀ íà îñåííûå êàíèêóëû îò 1982 ó.å/÷åë
REAL PLAYA DEL CARMEN 4* 1982 ó.å
FLAMINGO CANCUN 4*  2042 ó.å
RIU TEQUILA 5* 2153 ó.å
GRAND RIVIERA & GRAND SUNSET PRINCESS 5* 2221 ó.å
(ñ àâèàïåðåë¸òîì ñ Êèåâà, âûëåò 28.10, 10 íî÷åé, ïèòàíèå - âñ¸ âêëþ÷åíî)
 ïðîäàæå åñòü òóðû íà Íîâûé Ãîä îò 2540 ó.å/÷åë íà 11 íî÷åé ñ 26.12!

ÃÐÅÖÈß (áàðõàòíûé ñåçîí)
î.ÊÐÈÒ
3*  Thalia - 388 åâðî
3* Sergios Hotel - 485 åâðî, âñå âêëþ÷åíî
4* DIOGENIS PALACE - 573 åâðî, âñå âêëþ÷åíî
5* Aquis Blue Sea Resort & Spa - 747 åâðî
5* ALDEMAR KNOSSOS ROYAL - 898 åâðî
î.ÐÎÄÎÑ*  Anika Studios - 462 åâðî
3* Esmeralda Hotel 3* - 515 åâðî
4*  FORUM BEACH - 515 åâðî, âñå âêëþ÷åíî
5*  Ixian Grand - 733 åâðî
ï-îâ.ÕÀËÊÈÄÈÊÈ ñ 30.08
2*+  Julia Hotel - 460 åâðî, âñå âêëþ÷åíî
3* Olympic Kosma Hotel - 487 åâðî
4* Mendi Hotel - 560 åâðî
5*  Dion Palace Resort - 600 åâðî
5* Porto Carras Meliton Hotel - 719 åâðî
ñòîèìîñòü çà 7 í. ñ àâèà çà 1 ÷åë.

ÊÈÏÐ
2* Larco - 340 åâðî
3* Golden Arches - 477 åâðî
4* Avlida Hotel - 572 åâðî
58 Venus Beach - 734 åâðî

ÈÑÏÀÍÈß
Êîñòà Áðàâà\Êîñòà Äîðàäà
3* SERHS VILA HOTEL - 530 åâðî
3* SAN SALVADOR - 572 åâðî (740 åâðî - Âñå âêëþ÷åíî)
4* MARVEL COMA RUGA - 702 åâðî
4* BEST CAMBRILS - 437 åâðî
î.Ìàéîðêà
3* TRH TORRENOVA - 634 åâðî
4*  TRH JARDIN DEL MAR - 765 åâðî
î.Òåíåðèôå (Êàíàðñêèå î-âà)
2* LAGUNA PARK II - 550 åâðî
4*  RIU ARECAS - 787 åâðî
4* SOL TENERIFE - 908 åâðî
5*   GRAN MELIA PALACIO DE ISORA 5* - 1003 åâðî

ÌÀËÜÒÀ - îòäûõ è ó÷åáà!
Àíãëèéñêèé ÿçûê äëÿ âçðîñëûõ ! Êðóãëîãîäè÷íûå øêîëû! 7í. - îò 443 åâðî+àâèà
Äåòñêèå ëàãåðÿ ñ èçó÷åíèå àíãëèéñêîãî ÿçûêà! 14í. îò 1180 åâðî
Ëåòî íà Ìàëüòå ïðîäîëæàåòñÿ! ñ ïåðåñàäêîé â Ãåðìàíèè - ïåðåëåòû êàæäûé äåíü!

×ÅÐÍÎÃÎÐÈß
Belux Mikica Villa "A" - 443 åâðî, # ñ êóõíåé
  Azzuro Budva Villa "B" - 486 åâðî, # ñ êóõíåé
  Salus Villa "A" - 532 åâðî
Franeta Villa "A" - 557 åâðî

ÕÎÐÂÀÒÈß
Pinocchio Villa - 495 åâðî
3* Flora Madera - 523 åâðî
4* Punta Depadance Vodice - 656 åâðî
5*   Le Meridien Lav - 955 åâðî

ÁÎËÃÀÐÈß
7í. ñ Àâèà çà 1 ÷åë.
2*Balkan Sunny Beach - 203 åâðî
3* Vila Granat - 220 åâðî
4* Royal Sun Hotel - 315 åâðî
5* Admiral Golden Sands - 399 åâðî


Ðåãóëÿðíûå àâòîáóñíûå òóðû ïî Åâðîïå:
" ðèòìå ÷àðäàøà" Âåíãðèÿ Àâñòðèÿ 4 äíÿ îò 68 åâðî
"Íà ÷àøå÷êó êîôå ïî-âåíñêè" Âåíãðèÿ 

Re: website page to fix

[Andres Perera]

On Sat, Jun 30, 2012 at 4:51 PM, Ted Unangst  wrote:
> Somebody wants to fix something?  Straighten the hell out of
> anoncvs.html.
>
> For starters, I'm like 90% sure that all the jibber jabber about rsh vs
> ssh vs pserver can die in a fire.
>
> The list of crypto files is a joke.
>
> The big block of mirrors should probably be closer to the end.
>
> "CVS already compresses."  This is, in fact, a lie for servers that
> run the opencvs server.
>

about compression:

gnu cvs does not compress by default. it's documented in the info page
and ktrace reveals that it writes the file as is to the socket (easily
apparent when updating xenocara). when you specify -zn where n > 0 <
9, compression is upload only. assuming ssh does full duplex, wouldn't
it be better to suggest disabling cvs compression and specifying a
wrapper as CVS_RSH which enables ssh compression?

one keydisk to access multiple encrypted systems

[Erling Westenvik]

According to http://www.undeadly.org/cgi?action=article&sid=20110530221728
I've set up fully encrypted disk by using the bioctl(4) feature for
specifying a key disk

  # bioctl -C force -c C -l /dev/wd0d -k /dev/sd0d softraid0

and it works perfectly. But, is it possible to use the same key disk for
multiple systems, ie. using the same passphrase between them? The man
page for bioctl(4) mentions a -P switch

  -P  Change the passphrase on the selected crypto volume

but its usage is unclear to me.

Regards,
Erling

Re: OpenSSL handling intermediate certificates

[Ryan Kirk]

You're definitely on track, although I was referring to D.J.
Bernstein's recent slides: http://cr.yp.to/talks/2012.06.04/slides.pdf

In these, he does bring up the same problems again that his DNSCURVE
purported to solve, about weak algorithms, signing (or lack of),
forgeries, and UDP amplification. It might just be who I follow, but
I've seen a lot of discussion around this lately on twitter by Jacob
Appelbaum and other privacy/crypto types. Perhaps 'mired in
controversy' was an overstatement, but it definitely appears that spec
has problems.

RK

On Fri, Aug 24, 2012 at 6:17 AM, Kevin Chadwick  wrote:
>> However,
>> this would require DNSSEC to be secure (which itself seems to be mired
>> in controvery lately, not to mention the slow rate of adoption)
>
> Do you have a reference for that. I know of the controversy around
> DNSCURVE before DNSSEC even arrived but haven't seen any of late. Is it
> to do with the restriction of key length by dns record size and use of
> RSA rather than ecdsa which offers more security to key length ratio or
> something else?
>
>
> --
> ___
>
> 'Write programs that do one thing and do it well. Write programs to work
> together. Write programs to handle text streams, because that is a
> universal interface'
>
> (Doug McIlroy)
> ___